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DETAILED ACTION 

1 . This action is responsive to communications: application, filed 2/26/2002; 
amendment filed 1/2/2007. 

2. Claims 1, 3-23 and 25-37 are pending in the case. Claims 1 and 22 are amended 
by the applicant. 

Information Disclosure Statement 

3. Information Disclosure Statement submitted by applicant on 1/1/2007 has been 
reviewed. Please see attached form PTO-1449. 

Response to Arguments 

4. Applicant's arguments filed 4/21/2005 have been fully considered but are not 
persuasive. 

4.1 . Applicant argues: "Amended independent claims 1 and 22 include, among other 
limitations "wherein the user transaction data record includes a data element indicating a present 
state of the user transaction data record from a plurality of predetermined states, each 
predetermined state allowing only a predetermined type of operations to be performed on the 
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user transaction data record" and "controlling the user transaction data record to perform 
operations that are allowed for the present state of the user transaction data record." Cordery 
does not disclose the above limitations." However, as indicated in the next section, Cordery 
teaches checking the freshness of the meter record, and allowing or disallowing activity 
accordingly, which meets the recited limitations. 

4.2. In addition, applicant's amendment has made claims 1 and 22 indefinite because 
the claim language does not make it clear whether the state indicated by the data 
element is used to control transaction activity, or modification of the data record itself. 
The applicant also failed to identify related portions of specification that support and 
clarify the new limitation, and therefore amendments lack written description support. 

Accordingly, applicant's argument regarding allowability of claims 1 , 3-23 and 25-37 is 
non persuasive. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

6. Claims 1, 3-23 and 25-37 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
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matter, which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Applicant has not identified portions 
of specification in support of the new limitation: "wherein the user transaction data 
record includes a data element indicating a present state of the user transaction data 
record from a plurality of predetermined states, each predetermined state allowing only 
a predetermined type of operations to be performed on the user transaction data record" 
and "controlling the user transaction data record to perform operations that are allowed 
for the present state of the user transaction data record." 

7. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

8. Claims 1 , 3-23 and 25-37 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. Claims include "wherein the user 
transaction data record includes a data element indicating a present state of the user 
transaction data record from a plurality of predetermined states, each predetermined 
state allowing only a predetermined type of operations to be performed on the user 
transaction data record". Claims also include the limitation: "controlling the user 
transaction data record to perform operations that are allowed for the present state of 
the user transaction data record". It is not clear if the purpose of state is enforcing 
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control on what can be performed on the record itself, or the transaction operations. As 
indicated above, the pertinent portion of the specification is not specified. 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the Invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1, 3-23 and 25-37 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Cordery (US Patent No. 6,466,921, filed 6/12/1998. 

10.1. As per claims 1 and 22, Cordery is directed to a system and method for providing 
public key infrastructure security in a wide area computer network (Fig. 1 and abstract), 
comprising: a user terminal (Fig. 1, item 20 and associated text) coupled to the 
computer network (Fig. 1); a user transaction data record assigned to a user (col. 8 
lines 17-24, the meter record is assigned to a user), wherein the user transaction data 
record includes a data element indicating a present state of the user transaction data 
record from a plurality of predetermined states, each predetermined state allowing only 
a predetermined type of operations to be performed on the user transaction data record 
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(col. 8 lines 17-24 shows that the freshness of the data record is verified. Freshness 
describes two states of being fresh or not being fresh. Col. 4 lines 34-43 or col. 9 lines 
40-58 shows using freshness to determine whether a transaction can be performed or 
not. Note that implementing the freshness state of the data record inherently requires a 
data element to indicate the state); a private key, and a public key assigned to a user for 
authenticating the user transaction data record (col. 8 lines 17-24, where the Function 
Server verifies the signature of the meter record, and therefore authenticating the meter 
(transaction data) record) when the user registers with the system using the user 
terminal (col. 6, line 49 to 56, note that Fig. 1 item 38 and associated text shows how 
keys are generated. Also note that col. 10 line 20-27 suggests use of public and private 
keys as an alternative); a database remote from the user terminal for securely storing 
the transaction data record in the user transaction data record assigned to the user (Fig. 
1, item 36 and associated text. Note that per col. 6, line 36-44, all keys related to users 
and their accounts are stored in the database); and a cryptographic device remote from 
the user terminal and coupled to the computer network including a computer executable 
code (column 7 lines 7 to 17, and "boxes" as shown in Fig. 1 and associated text) for 
signing the data in the user transaction data record utilizing the stored private key in the 
database (col. 8, lines 25-29), and for controlling the user transaction data record to 
perform operations that are allowed for the present state of the user transaction data 
record (Cordery teaches using freshness to determine whether a transaction can be 
performed or not (see for example col. 4 lines 34-43 or col. 9 lines 40-58)) . 
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10.2. Claim 2 is cancelled. 

10.3. As per claim 3, Cordery is directed the system of claim 1 , wherein the private key 
is encrypted when it is stored in the database (column 8 lines 29 to 30). 

10.4. As per claim 4, Cordery is directed the system of claim 2, wherein a respective 
security device transaction data related to the user is loaded into a cryptographic device 
when the user requests a service (col. 8 lines 8-28). 

10.5. As per claims 5-1 0, Cordery is directed the system of claim 1 , wherein the 
cryptographic device is configured to authenticate the identity of the user and verify that 
the identified user is authorized to assume a role and perform a corresponding 
operation (Fig. 2, item 62 and associated text describes a mailer (user) database, that 
stores related information to the user. Col. 8, lines 14-18, describes user authentication. 
It is the general purpose of user authentication to determine user access rights and 
roles to allow the user to perform the activities corresponding to their role) 

10.6. As per claim 1 1 , Cordery is directed the system of claim 5, wherein the 
cryptographic device includes a computer executable code for supporting multiple 
concurrent users and maintaining a separation of roles and operations performed by 
each user (column 6, line 14-27, indicates multiple mailers (users) can connect to the 
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system in the real-time). 

107. As per claim 12, Cordery is directed the system of claim 5, wherein the 
cryptographic device stores information about a number of last transactions in a 
respective internal register (disclosed by column 8 lines 19 to 25, where the data record 
freshness is verified). 

10.8. As per claim 13, Cordery is directed the system of claim 12, wherein the 
database stores a table including the respective information about a last transaction a 
verification module to compare the information saved in the device with the information 
saved in the database (column 8 line 19 to line 25, also see col. 7, lines 27-50). 

10.9. As per claim 14, Cordery is directed the system of claim 1 .further comprising a 
digital certificate stored in the database and assigned to a user when the user registers 
with the system (column 6 line 1-5, describes sending the indicium to the user with a 
token (digital certificate)). 

10.10. As per claim 15, Cordery is directed the system of claim 1, wherein the 
cryptographic device is configured for digitally signing a certificate (see response to 
claim 14). 



10.11. 



As per claim 16, Cordery is directed the system of claim 1, wherein the 
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cryptographic device is configured for encrypting data (see response to claim 1). 

10.12. As per claim 17, Cordery is directed the system of claim 1, wherein the 
cryptographic device is configured for decrypting data (see response to claim 1). 

10.13. As per claim 18, Cordery is directed the system of claim 1, wherein the 
database includes a user profile for the user (column 6 line 49 to 56). 

10.14. As per claim 19, Cordery is directed to the system of claim 18, wherein the 
user profile includes username, password, account expiration, user role, logon failure 
count, logon failure limit, logon time-out limit, password expiration, and password period 
(column 6 lines 49-56). 

10.15. As per claim 20, Cordery is directed to system of claim 5, wherein the 
cryptographic device is capable of performing one or more of DES (clearly disclosed in 
column 8 line 42 to 60), Rivest, Shamir and Adleman (RSA) public key encryption, 
Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms 
(which are comparable encryption algorithms to DES and an apparent choices to a 
person skilled in the art to use as alternative methods of encryption). 

10.21. As per claim 21 , Cordery is directed to system of claim 5, wherein the 
cryptographic device stores information about a number of last transactions in an 
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internal register and compares the information saved in the register with the information 
saved in a memory before loading a new transaction data (as mentioned in response to 
claim 12, record freshness is checked before the transaction is allowed). 

10.22. Limitations of claims 22-37 are substantially the same as limitations of claims 1- 
21 above. 

Conclusion 

1 1 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3937. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Farid Homayounmehr 
3/14/2007 
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SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



